MONTI Ransomware - a New Conti Clone

ransomware

MONTI ransomware is a new ransomware variant based on Conti ransomware code.

The MONTI ransomware is likely built using leaked code from the Conti group after tons of Conti information was leaked in early 2022.

The ransomware encrypts all files on the victim system, appending a random string of five characters as a new extension. This process can make a file named "document.txt" transform into something similar to "document.txt.KFIKN".

The ransom note is dropped inside a file named "readme.txt" and contains the following text:

All of your files are currently encrypted by MONTI strain. If you don't know who we are - just "Google it."

As you already know, all of your data has been encrypted by our software.

It cannot be recovered by any means without contacting our team directly.

DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However,

if you want to try - we recommend choosing the data of the lowest value.

DON'T TRY TO IGNORE us. We've downloaded a pack of your internal data and are ready to publish it on our news website if you do not respond.

So it will be better for both sides if you contact us as soon as possible.

DON'T TRY TO CONTACT feds or any recovery companies.

We have our informants in these structures, so any of your complaints will be immediately directed to us.

So if you will hire any recovery company for negotiations or send requests to the police/FBI/investigators, we will consider this as a hostile intent and initiate the publication of whole compromised data immediately.

To prove that we REALLY CAN get your data back - we offer you to decrypt two random files completely free of charge.

You can contact our team directly for further instructions through our website :

TOR VERSION :

(you should download and install TOR browser first hxxps://torproject.org)

YOU SHOULD BE AWARE!

We will speak only with an authorized person. It can be the CEO, top management, etc.

In case you are not such a person - DON'T CONTACT US! Your decisions and action can result in serious harm to your company!

Inform your supervisors and stay calm!

The ransom note makes it abundantly clear that the ransomware is targeting businesses and companies and is not aimed at home users.

September 13, 2022